AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

Listing Of Claims 

1. (withdrawn) A communication device which is connected via a network to a 
session control server so as to be able to communicate with the session control server, 
and which establishes a session with another communication device by performing 
signal transmission to and reception from said session control server, comprising: 

a unit which generates an asymmetric key pair; 

a requesting unit which requests certificate issuance for a public key in said 
asymmetric key pair to said session control server; 

a receiving unit which receives notification of public key certificate issuance 
completion from said session control server; 

a storage unit which stores a public key certificate which has been received; 

a sending unit which sends a registration request of the location of said 
communication device to said session control server; and 

a receiving unit which receives notification of location registration completed, 
including a term of validity, from said session control server; 

wherein said location registration request and said certificate issuance request 
are sent as a combined request. 

2. (withdrawn) A communication device according to claim 1, wherein said storage 
unit which stores said public key certificate stores a term of validity which are included 
in a location registration completed notification as the term of validity of the certificate 
which is issued. 

3. (withdrawn) A communication device which is connected via a network to a 
session control server so as to be able to communicate with the session control server, 
and which establishes a session with another communication device by performing 
signal transmission to and reception from said session control server, comprising: 

a unit which generates an asymmetric key pair; 

a storage unit which stores a public key certificate from among said asymmetric 
key pair; 

a sending unit which sends a registration request of said public key certificate to 
said session control server; 

a sending unit which sends a registration request of the location of said 
communication device to said session control server; and 

a receiving unit which receives notification of location registration completed, 
including a term of validity, from said session control server. 

4. (withdrawn) A communication device according to claim 3, wherein said storage 
unit which stores said public key certificate stores a term of validity which are included 
in a location registration completed notification as the term of validity of the certificate 
which is issued. 

5. (currently amended) A server that establishes a session between first and 
second communication devices, comprising: 

a receiving unit that receives, from the first communication device, a request for 
registering an address information on the first communication device and issuing a 
public key certificate of the first communication device; 

an issuing-and-validating unit that issues the public key certificate of the first 
communication device to the first communication device; and 

a storing unit that stores the address information and the public key certificate 
with a validity period of the address information being set to that of the public key 
certificate. 

A session control server which is connected via a network to a plurality of 
communication devices so as to be able to communicate with the communication 
devices, and which, by receiving a signal which is sent from a communication device on 
a signal originating side, and sending the signal which it has received to a 
communication device on the signal reception side, establishes a session between said 
communication device on the signal originating side and said communication device on 
the signal reception side, comprising: 

a receiving unit which receives a location registration request from said 
communication device, and a certificate issuance request or a certificate registration 
request for a public key, as a combined request; 

a unit which receives said request, and which performs issuance of a public key 
certificate, or confirms the validity of said public key certificate; and 

a unit which stores said public key certificate which has been issued or registered 
and location information, along with a term of validity. 



6. (currently amended) The server according to claim 5, wherein 

the receiving unit receives, from the second communication device, a request for 
validating the public key certificate issued to the first communication device, and 

the issuing-and-validating unit validates the public key certificate and indicates a 
result of the validation to the second communication device. 

A session control server according to claim 5, further comprising: 

a receiving unit which receives an inquiry request for said public key certificate; 

a sending unit which notifies said public key certificate, after having confirmed 
the validity of said public key certificate. 

7. (withdrawn) A communication system for mutually establishing a session with a 
communication device, and which is connected via a network so as to be capable of 
communication, comprising: 

a communication device which comprises a mean which generates an 
asymmetric key pair, a requesting unit which performs a request for issuance of a 
certificate for a public key, a receiving unit which receives notification of certificate 
issuance, a storage unit which stores a public key certificate, a sending unit which 
sends a location registration request, and a unit which receives a location registration 
completed notification which includes a term of validity; and 



Serial No. 10/530,238 



Page 9 of 38 



a session control server which comprises a receiving unit which receives a 
location registration request from said communication device, a receiving unit which 
receives a combination of a request for certificate issuance or certificate registration for 
a public key, a unit which issues a certificate or confirms the validity of a certificate, and 
a storage unit which stores a certificate which has been issued or registered and 
location information together with an expiry. 

8. (withdrawn) A communication system according to claim 7, wherein 

said communication device comprises a storage unit which stores a term of 
validity which is included in a location registration completed notification as a term of 
validity of a public key certificate which has been issued, and 

said session control server comprises a receiving unit which receives a certificate 
inquiry request, and a unit which sends a certificate notification. 

9. (withdrawn) A communication system according to claim 7, wherein 

said communication device comprises a unit which stores an asymmetric key 
pair, and a sending unit which sends a registration request for a public key certificate; 
and 

said session control server comprises a receiving unit which receives a certificate 
inquiry request, and a sending unit for a certificate notification. 

10. (currently amended) A method for a server to control a session between first 
and second communication devices, comprising: 

receiving, from the first communication device, a signal for requesting a 
registration of an address information on the first communication device; 

determining whether or not the signal includes a request for issuing a public key 
certificate of the first communication device to the first communication device; 

issuing the public key certificate when the signal is determined to include the 
request for issuing the public key certificate; 

storing the address information and the public key certificate of the first 
communication device with a validity period of the address information being set to that 
of the public key certificate; and 

transmitting, to the first communication device, a signal that indicates a 
completion of registering the address information and includes the public key certificate. 

A communication method for mutually establishing a session with a 
communication device, which is connected via a network so as to be capable of 
communication, wherein: 

a session control server, when it receives a request signal from a communication 
device for location registration and certificate issuance, determines the type of the 
signal, and, if it is a location registration request, makes a decision as to whether or not 
it includes a certificate issuance request, and, if an issuance request is included within 
said signal, issues a certificate, and along with managing said location information and 
said certificate, sends a signal for location information and certificate issuance 
completion to said communication device. 

11. (currently amended) A method for a first server to control a session between first 
and second communication devices, comprising: 

receiving, from the second communication device, a signal for requesting a 
validation of a public key certificate of the first communication device; 

determining whether or not the signal is addressed to the first server; 

validating the public key certificate when the signal is determined to be 
addressed to the first server; 

transmitting a result of the validation to the second communication device; and 

transferring the signal to a second server when the signal is determined to be 
addressed to the second server. 

A communication method for mutually establishing a session with a 
communication device, which is connected via a network so as to be capable of 
communication, wherein: 

a session control server, when it receives a certificate query request signal from 
a communication device, along with performing session control, decides whether or not 
it is addressed to its own domain, and, if it is addressed to its own domain, determines 
the type of the signal, and if it is a certificate query request, decides whether or not a 
certificate is present, and if there is a certificate, searches a corresponding certificate, 
confirms the validity of the certificate which has been searched, and sends a certificate 
notification to said communication device; while, if it is not addressed to its own domain, 
it transfers said certificate query request signal to the destination session control server. 



12-13. (cancelled) 

14. (currently amended) A computer readable recording medium storing a program 
for a server to control a session between first and second communication devices, the 
program making a computer execute: 

receiving, from the first communication device, a signal for requesting a 
registration of an address information on the first communication device; 

determining whether or not the signal includes a request for issuing a public key 
certificate of the first communication device to the first communication device; 

issuing the public key certificate when the signal is determined to include the 
request for issuing the public key certificate; 

storing the address information and the public key certificate of the first 
communication device with a validity period of the address information being set to that 
of the public key certificate; and 

transmitting, to the first communication device, a signal that indicates a 
completion of registering the address information and includes the public key 
certificate. , in which a program for communication according to claim 12 is recorded. 

15. (currently amended) A computer readable recording medium storing a program 
for a first server to control a session between first and second communication devices, 
the program making a computer execute: 

receiving, from the second communication device, a signal for requesting a 
validation of a public key certificate of the first communication device; 

determining whether or not the signal is addressed to the first server; 

validating the public key certificate when the signal is determined to be 
addressed to the first server; 

transmitting a result of the validation to the second communication device; and 

transferring the signal to a second server when the signal is determined to be 
addressed to the second server. , in which a program for communication according to 
claim 13 is recorded. 

16-36. (cancelled) 

37. (withdrawn) A communication device which is connected via a network with a 
session control server so as to be able to perform communication, and which 
establishes a session with another communication device by performing signal 
transmission and reception with said another communication device via at least one of 
said session control server, comprising: 

a mean which, when sending information which is encrypted in order to maintain 
confidentiality of the sent signal, generates a first encryption key for encryption; 

a unit which encrypts the information by using said first encryption key; 

a unit which encrypts said first encryption key using an arbitrary second 
encryption key; and 

a mean which sends a signal which includes the information which has been 
encrypted with said first encryption key, to which said first encryption key which has 
been encrypted is attached, 

wherein the unit which encrypts said first encryption key with the second 
encryption key encrypts the first encryption key with the second encryption key of a 
single session control server which is permitted only reference to the information within 
the signal, or which is permitted both reference and modification; and 

the unit which sends the information which has been encrypted with said first 
encryption key sends said first encryption key which has been encrypted, the 
information which has been encrypted with said first encryption key, and a decryption 
request command to said session control server, or a decryption request command and 
a change permission notification. 

38. (withdrawn) A session control server which is connected via a network to a 
plurality of communication devices so as to be able to communicate with the 
communication devices and to another session control server, and which, by receiving a 
signal which is sent from a communication device on a signal originating side or said 
another session control server, and sending the signal which it has received to a 
communication device on a signal reception side or said another session control server, 
establishes a session between said communication device on the signal originating side 
and said communication device on the signal reception side, comprising: 

a unit which receives a signal which includes information to which a first 
encryption key which has been encrypted is attached, and which has been encrypted 
with said first encryption key; 

a unit which decrypts the first encryption key with a second decryption key which 
corresponds to its own second encryption key; 

a unit which decrypts the information using the first encryption key which has 
been obtained by decryption; 

a unit which encrypts the first encryption key which has been obtained by 
decryption with an arbitrary second encryption key; and 

a unit which sends a signal which includes information which has been encrypted 
with the first encryption key which has been obtained by decryption, and attaches the 
first encryption key which has been obtained by decryption, after it has been encrypted 
with the arbitrary second encryption key, 

wherein, when said receiving unit receives the signal which includes the 
information which has been encrypted, obtains said first encryption key by making a 
decision as to the presence or absence of a decryption request and obtaining said first 
encryption key by decrypting the encryption key with a second decryption key which 
corresponds to said second encryption key, or by decrypting said encryption key with a 
second decryption key which corresponds to said second encryption key and making a 
decision as to the presence or absence of a decryption request, or by performing both 
thereof; 

said information decryption unit decrypts the information which has encrypted 
with said first encryption key; and 

said encryption unit encrypts the first encryption key which has been obtained 
with a second encryption key of said another session control server which passes 
through during transmission and reception, and which are permitted with either only 
reference, or both reference and modification, or with a second encryption key of a 
transmission destination communication device; and 

said sending unit sends said first encryption key which has been encrypted, the 
information which has been encrypted with the first encryption key which has been 
obtained, and, if the second encryption key is an encryption key of said another session 
control server, a decryption request command, or a decryption request command and 
an alteration permit notification, for said another session control server. 

39. (withdrawn) A session control server according to claim 38, wherein in addition 
to said unit, further includes: 

a unit which, when sending a signal which includes information which is 
encrypted in order to preserve the confidentiality of the sent signal, generates a new 
first encryption key for encryption; 

a unit which encrypts the information using said first encryption key which has 
been generated; 

a unit which encrypts said first encryption key which has been generated by 
using an arbitrary second encryption key; and 

a unit which sends a signal to which said first encryption key which has been 
generated and which has been encrypted with said second encryption key is attached, 
and which includes the information which has been encrypted with said first encryption 
key which has been generated, 

wherein the encryption unit for said first encryption key encrypts the first 
encryption key which has been obtained with a second encryption key of said another 
session control server which passes through during transmission and reception, and 
which are permitted with either only reference, or both reference and modification, or 
with a second encryption key of a transmission destination communication device; and 
said sending unit sends said first encryption key which has been generated and 
encrypted, the information which has been encrypted with the first encryption key which 
has been generated, and, if the second encryption key is an encryption key of said 
another session control server, a decryption request command, or a decryption request 
command and an alteration permit notification, for said another session control server. 

40. (withdrawn) A session control server according to claim 38, further comprising: 

a unit which stores said first encryption key by session and opposing device; and 
a reuse unit which reuses said first encryption key in the same session, at least 
one of encryption and decryption of information in the same opposing device. 

41. (withdrawn) A communication device which is connected via a network with a 
session control server so as to be able to perform communication, and which 
establishes a session with another communication device by performing signal 
transmission and reception with said session control server, comprising: 

a unit which receives a signal to which a first encryption key which has been 
encrypted is attached, and which includes information which has been encrypted; 
a unit which decrypts said first encryption key; 
a unit which decrypts the information with said first encryption key; 
a unit which stores said first encryption key by session and opposing device; 
a unit which encrypts information using said first encryption key; and 
a unit which sends a signal which includes the information which has been 
encrypted with said first encryption key, 

wherein said first encryption key which has been stored in said storage unit is 
employed for at least one of encryption and decryption of information within the same 
session. 

42. (withdrawn) A communication device according to claim 37, further comprising: 
a unit which stores said first encryption key by session and opposing device; 

a unit which encrypts information by using said first encryption key; 

a unit which sends a signal which includes the information which has been 
encrypted with said first encryption key; 

a unit which receives a signal which includes information which has been 
encrypted with said first encryption key; and 

a unit which decrypts the information by using said first encryption key, 

wherein said first encryption key which has been stored in said storage unit is 
employed for at least one of encryption and decryption of information within the same 
session. 

43. (withdrawn) A communication device according to claim 37, further comprising a 
unit which periodically updates said first encryption key which is managed by session 
and opposing device, 

wherein said updating unit comprises: 

a unit which newly generates a first encryption key; 

an encryption key encryption unit which encrypts said first encryption key with an 
arbitrary second encryption key, or with a first encryption key which is already stored; 
and 

a unit which sends a signal to which is attached said first encryption key which 
has been encrypted with the arbitrary second encryption key, and which includes 
information which has been encrypted with said first encryption key. 

44. (withdrawn) A communication device according to claim 41, further comprising a 
unit which periodically updates said first encryption key which is managed by session 
and opposing device, 

wherein said updating unit comprises: 

a unit which newly generates a first encryption key; 

an encryption key encryption unit which encrypts said first encryption key with an 
arbitrary second encryption key, or with a first encryption key which is already stored; 
and 

a unit which sends a signal to which is attached said first encryption key which 
has been encrypted with the arbitrary second encryption key, and which includes 
information which has been encrypted with said first encryption key. 

45. (withdrawn) A session control server according to claim 37, further comprising: 

a unit which periodically updates said first encryption key which is managed by 
session and opposing device; 

a unit which receives a signal which includes information which has been 
encrypted with said first encryption key, and to which is attached a new first encryption 
key which has been encrypted with an arbitrary second encryption key, or with the first 
encryption key which is already stored; 

a unit which encrypts information using the new first encryption key which has 
been updated; and 

a unit which sends the new encryption key which has been updated, together 
with the encrypted information, 

wherein said sending unit sends the information which has been encrypted with 
said first encryption key, and attaches the new first encryption key which has been 
encrypted with said desired second encryption key, or with said first encryption key 
which is already stored. 

46. (withdrawn) A session control server according to claim 38, comprising: 

a unit which periodically updates the first encryption key which is managed by 
session and said opposing device; 

a unit which receives a signal, with a new first encryption key attached which has 
been encrypted with an arbitrary second encryption key or with a first encryption key 
which is already stored, which includes information which has been encrypted with said 
first encryption key; 

a unit which encrypts information by using the first encryption key which has 
newly been updated; and 

a unit which sends the first encryption key which has newly been updated, along 
with the encrypted information, 

wherein said sending unit sends the signal, with said new first encryption key 
attached which has been encrypted with said an arbitrary second encryption key or with 
said first encryption key which is already stored, which includes information which has 
been encrypted with said first encryption key. 

47. (withdrawn) A communication system which is connected via a network so as to 
be able to perform communication each other, and which establishes a session by 
performing mutual signal send and reception with a communication device, comprising: 

a unit which receives a signal to which a first encryption key which has been 
encrypted is attached, and which includes information which has been encrypted with 
said first encryption key; a unit which decrypts the first encryption key with a second 
decryption key which corresponds to its own second encryption key; a unit which 
decrypts the information by using the first encryption key which has been obtained by 
decryption; a unit which encrypts the first encryption key which has been obtained by 
decryption using an arbitrary second encryption key; and a unit which, after having 
performed encryption with the arbitrary second encryption key, sends a signal, with said 
first encryption key which has been obtained by decryption attached, which includes 
information which has been encrypted with said first encryption key which has been 
obtained by decryption, 

wherein a session control server which, when said receiving unit receives the 
signal which includes the information which has been encrypted, obtains said first 
encryption key by making a decision as to the presence or absence of a decryption 
request and by decrypting the encryption key with a second decryption key which 
corresponds to said second encryption key, or by decrypting said encryption key with a 
second decryption key which corresponds to said second encryption key and making a 
decision as to the presence or absence of a decryption request, or by performing both 
thereof; decrypts the information which said information decryption unit has encrypted 
with said first encryption key; wherein said encryption unit encrypts the first encryption 
key which has been obtained with a second encryption key of said another session 
control server which passes through during transmission and reception, and which are 
permitted with either only reference, or both reference and modification, or with a 
second encryption key of a transmission destination communication device; and said 
sending unit sends said first encryption key which has been encrypted, the information 
which has been encrypted with the first encryption key which has been obtained, and, if 
the second encryption key is an encryption key of said another session control server, a 
decryption request command for said another session control server; 

a communication device which comprises: a unit which, when sending a signal 
which includes information which is encrypted in order to preserve the confidentiality of 
the sent signal, generates a new first encryption key for encryption; a unit which 
encrypts the information by using said first encryption key for encryption; a unit which 
encrypts said first encryption key by using an arbitrary second encryption key; and a 
unit which sends a signal to which said first encryption key which has been encrypted is 
attached, and which includes the information which has been encrypted with said first 
encryption key, wherein the unit which encrypts said first encryption key with the second 
encryption key encrypts the first encryption key with a second encryption key of said 
another session control server on which either only reference, or both reference and 
modification, are permitted, or with a second encryption key of a transmission 
destination communication device; and the unit which sends a signal which includes the 
information which has been encrypted with said first encryption key sends said first 
encryption key which has been encrypted, the information which has been encrypted 
with the first encryption key, and, if said second encryption key is an encryption key of 
said session control server, a decryption request command to said session control 
server; 

or a communication device which, in addition to said unit, comprises: a unit 
which, when sending a signal which includes information which is encrypted in order to 
preserve the confidentiality of the sent signal, generates a new first encryption key for 
encryption; a unit which encrypts the information by using said first encryption key for 
encryption which has been generated; a unit which encrypts said first encryption key 
which has been generated by using an arbitrary second encryption key; and a unit 
which sends a signal to which said first encryption key which has been generated and 
which has been encrypted with said second encryption key is attached, and which 
includes the information which has been encrypted with said first encryption key which 
has been generated, wherein the unit which encrypts said first encryption key encrypts 
said first encryption key which has been generated with a second encryption key of an 
another session control server which passes through during transmission and reception, 
and which are permitted with either only reference, or both reference and modification, 
or with a second encryption key of a transmission destination communication device; 
and said sending unit sends said first encryption key which has been generated and 
encrypted, the information which has been encrypted with said first encryption key 
which has been generated, and, if the second encryption key is an encryption key of 
said another session control server, a decryption request command for said another 
session control server; 

a unit which receives a signal which includes the information which has been 
encrypted, to which the first encryption key which has been encrypted is attached, and 
which includes the information which has been encrypted; 

a signal reception side communication device which comprises a unit which 
decrypts said first encryption key, a unit which decrypts the information with said first 
encryption key, a unit which stores said first encryption key by session and opposing 
device unit, a unit which encrypts information by using said first encryption key, and a 
unit which sends a signal which includes the information which has been encrypted by 
using said first encryption key, wherein said first encryption key which has been stored 
in said storage unit is employed for at least one of encryption and decryption of 
information in the same session; and 

a signal originating side communication device which comprises a unit which 
stores said first encryption key by session and opposing device unit, a unit which 
encrypts information by using said first encryption key, a unit which sends a signal 
which includes the information which has been encrypted by using said first encryption 
key, a unit which receives a signal which includes information which has been 
encrypted by using said first encryption key, and a unit which decrypts the information 
by using said first encryption key, wherein said first encryption key which has been 
stored in said storage unit is employed for at least one of encryption and decryption of 
information in the same session. 

48. (withdrawn) A communication system according to claim 47, comprising: 

a session control server which comprises a unit which stores said first encryption 
key by session and opposing device; and a reuse unit which reuses said first encryption 
key for at least one of encryption and decryption of information the same session and in 
the same opposing device; 

a signal reception side communication device which comprises a unit which 
receives an encrypted signal to which the first encryption key which has been encrypted 
is attached, and which includes the information which has been encrypted, a unit which 
decrypts said first encryption key, a unit which decrypts the information with said first 
encryption key, a unit which stores said first encryption key by session and opposing 
device unit, a unit which encrypts information by using said first encryption key, and a 
unit which sends a signal which includes the information which has been encrypted by 
using said first encryption key, wherein said first encryption key which has been stored 
in said storage unit is employed for at least one of encryption and decryption of 
information in the same session; and 

and a signal originating side communication device which comprises a signal 
originating side communication device which comprises a unit which stores said first 
encryption key by session and opposing device unit, a unit which encrypts information 
by using said first encryption key, a unit which sends a signal which includes the 
information which has been encrypted by using said first encryption key, a unit which 
receives a signal which includes information which has been encrypted by using said 
first encryption key, and a unit which decrypts the information by using said first 
encryption key, wherein said first encryption key which has been stored in said storage 
unit is employed for at least one of encryption and decryption of information in the same 
session. 

49. (withdrawn) A communication system according to claim 47, comprising: 

a session control server which comprises: a unit which periodically updates the 
first encryption key which is managed by session and said opposing device; a unit 
which receives a signal, with a new first encryption key attached which has been 
encrypted with an arbitrary second encryption key or with a first encryption key which is 
already stored, which includes information which has been encrypted with said first 
encryption key; a unit which encrypts information by using the first encryption key which 
has newly been updated; and a unit which sends the first encryption key which has 
newly been updated, along with the encrypted information, wherein said sending unit 
sends the signal, with said new first encryption key attached which has been encrypted 
with said an arbitrary second encryption key attached which has been encrypted with 
said an arbitrary second encryption key or with said first encryption key which is already 
stored, which includes information which has been encrypted with said first encryption 
key; 

a signal originating side communication device which comprises: a unit which 
stores said first encryption key by session and opposing device unit, a unit which 
encrypts information by using said first encryption key, a unit which sends a signal 
which includes the information which has been encrypted by using said first encryption 
key, a unit which receives a signal which includes information which has been 
encrypted by using said first encryption key, and a unit which decrypts the information 
by using said first encryption key, wherein said first encryption key which has been 
stored in said storage unit is employed for at least one of encryption and decryption of 
information in the same session; and 

a signal originating side or signal reception side communication device which 
comprises a unit which periodically updates the first encryption key which is managed 
by session and said opposing device, wherein said updating unit comprises a unit which 
newly generates the first encryption key, an encryption key encryption unit which 
encrypts said first encryption key with an arbitrary second encryption key, and a unit 
which sends a signal, with said new first encryption key attached which has been 
encrypted with said an arbitrary second encryption key, which includes information 
which has been encrypted with said first encryption key. 

50. (withdrawn) A communication method which sends a session control signal 
which is generated by a signal originating side communication device to a signal 
reception side communication device via a session control server which is trusted, and 
a session control server which is not trusted, wherein: 

said signal originating side communication device encrypts a first encryption key 
which is used for encryption with a second encryption key of a session control server 
which has been made public; 

a value which indicates a decryption request to said session control server, and a 
contents ID which is to be decrypted, are sent together; 

said session control server decides upon a decryption request according to the 
value of a decryption request parameter, or decides upon a decryption request 
according to whether it is possible or impossible to decrypt data in which the first 
encryption key which has been encrypted is set; 

if there is a decryption request, it is decrypted with a second decryption key 
which corresponds to the second encryption key, and reference to or change of the 
control information between the control devices is made possible; 

after having changed the control information between the communication 
devices, the information after change is encrypted either by employing said first 
encryption key just as it is, or using a first encryption key which has been newly 
generated; and 

the information after change is sent to a next session control server, or to a 
signal reception side communication device. 

51. (withdrawn) A communication method in which a session control server changes 
the filtering conditions of a NAT/firewall device based upon information which has been 
obtained during establishment of a session, wherein: 

the session control server, after having determined a decryption key for 
decryption, decrypts a first encryption key, and decrypts encrypted information with said 
first encryption key, thus making it possible to refer to or to change control information 
between communication devices; 

based upon said control information, change of the filtering conditions is 
requested to the NAT/firewall device; 

thereafter, control information between communication devices which has been 
received from a signal reception side communication device is decrypted, and it is made 
possible to refer to, or to change, the control information between communication 
devices; and 

based upon said control information, change of the filtering conditions is 
requested to the NAT/firewall device, and mutual packet passage for main information 
between communication devices is performed by the NAT/firewall device. 

52. (withdrawn) A communication method in which a session control server makes it 
possible to record communication of main information which has been encrypted, based 
upon information which has been obtained during establishment of a session, wherein: 
a session control server, in addition to a request to change filtering conditions to 
a NAT/firewall device or the like, commands main information transfer, and, when main 
information is received from the NAT/firewall device or the like, if said main information 
is encrypted, when transmitting and receiving a signal, decrypts a first encryption key, 
and decrypts the encrypted information, along with control information between 
communication devices which has been obtained by decrypting with said first encryption 
key, by using a key for main information encryption, which has already been obtained, 
and records said main information in a communication recording unit. 

53. (withdrawn) A program for communication which sends a session control signal 
which has been generated by a signal originating side communication device to a signal 
reception side communication device via a session control server which is trusted and a 
session control server which is not trusted, for causing a computer of said session 
control server to execute: 

a procedure of deciding upon a decryption request according to the value of a 
decryption request parameter, or deciding upon a decryption request according to 
whether it is possible or impossible to decrypt data in which a first encryption key which 
has been encrypted is set; a procedure of, if there is a decryption request, decrypting it 
with a second decryption key which corresponds to the second encryption key, and 
making reference to or change of the control information between the control devices 
possible; a procedure of encrypting the information after change either by employing 
said first encryption key just as it is, or using a first encryption key which has been 
newly generated; and a procedure of sending it to a next session control server, or to a 
signal reception side communication device. 

54. (withdrawn) A program for communication which causes a session control server 
to change the filtering conditions of a NAT/firewall device, based upon information which 
has been obtained during establishment of a session, for causing a computer of said 
session control server to execute: 

a procedure of determining a decryption key for decryption; a procedure of 
performing decryption of a first encryption key; a procedure of decrypting encrypted 
information with said first encryption key, thus making it possible to refer to or to change 
control information between communication devices; a procedure of, based upon said 
control information, requesting change of the filtering conditions to the NAT/firewall 
device; a procedure of, thereafter, decrypting control information between 
communication devices which has been received from a signal reception side 
communication device, and making it possible to refer to, or to change, the control 
information between communication devices; and a procedure of, based upon said 
control information, requesting change of the filtering conditions to the NAT/firewall 
device. 

55. (withdrawn) A program for communication which causes a session control server 
to perform recording of communication of main information which has been encrypted, 
based upon information which has been obtained during establishment of a session, for 
causing a computer of said session control server to execute: 

a procedure of, in addition to a request to change filtering conditions to a 
NAT/firewall device or the like, commanding main information transfer; a procedure of 
receiving main information from the NAT/firewall device or the like; a procedure of, if 
said main information is encrypted, when transmitting and receiving a signal, performing 
decryption of a first encryption key, and decrypting the encrypted information, along with 
control information between communication devices which has been obtained by 
decrypting with said first encryption key, by using a key for main information encryption, 
which has already been obtained; and a procedure of recording said main information in 
a communication recording unit. 

56. (withdrawn) A computer readable recording medium, in which a program for 
communication according to claim 53 is recorded. 

57. (withdrawn) A computer readable recording medium, in which a program for 
communication according to claim 54 is recorded. 

58. (withdrawn) A computer readable recording medium, in which a program for 
communication according to claim 55 is recorded. 

59. (new) The server according to claim 5, wherein 

the receiving unit receives, from the first communication device, a request for 
registering an address information and a public key certificate of the first communication 
device, 

the issuing-and-validating unit validates the public key certificate, and 
the storing unit stores the address information and the public key certificate with 
a validity period of the address information being set to the public key certificate. 

60. (new) The method according to claim 10, wherein the signal transmitted at the 
transmitting further includes a digital signature of the server. 

61. (new) The method according to claim 11, wherein the signal received at the 
receiving includes a public key and a digital signature of the second communication 
device. 